Stand up your SCIM server in a test environment and expose it at a known base URL; ensure authentication credentials are available for the test runner.
Run the SCIM Verify tool at scim.dev/verify by pointing it at your endpoint; it executes a battery of automated tests covering user and group CRUD, filtering, pagination, and schema discovery endpoints.
Supplement with the WSO2 SCIM2 compliance test suite or the python-scim scim2-tester library for additional coverage against RFC 7643 and RFC 7644 requirements.
Validate your /ServiceProviderConfig, /ResourceTypes, and /Schemas discovery endpoints return RFC-compliant responses, including correct supported attributes for filtering and sorting.
Write custom tests covering edge cases your IdP customers actually exercise: partial PATCH on group members, bulk operations if supported, and error response format (SCIM errors must use the urn:ietf:params:scim:api:messages:2.0:Error schema).
Integrate the automated tests into your CI pipeline so SCIM regressions are caught before deployment.
Known gotchas
SCIM error responses must use the SCIM error schema (urn:ietf:params:scim:api:messages:2.0:Error) with a scimType and detail field; returning plain HTTP error bodies causes conformance failures with strict IdP clients.
Many conformance tests verify that your server correctly handles the attributes query parameter to return only requested fields; omitting attribute projection support breaks compatibility with Okta and Entra provisioning agents.
Filter syntax (RFC 7644 section 3.4.2) is commonly implemented incompletely; pay particular attention to combined filters with and/or operators and value path filters used in group member PATCH operations.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp